lf you want a PDF of the slides join 


https://groups.io/g/net-44-vpn 


and visit the ‘Files’ section. 


BRINGING NET-44 AND 
IPV6 TO YOUR STATION 
VIA VPN 


A brief presentation on creating your own Internet 
connected network for Amateur Radio using a VPN 
tunnel and BGP advertised static IP address space. 


Net- 


44 (AmprNet)... 


* What is it? 
* Net-44 isa Class-A CIDR /8 IPv4 Network 
°* 16 Million 1p addresses 

We've had it for 20-30 years 


It's a Valuable. largely unused resource 
Exclusively for Amateur Radio 


DCC — 2012 ATLANTA 


What Will Be Covered 


This presentation will examine the steps and resources to create a VPN 
connected static IP address space in Net-44 and IPv6 to: 


¢ Enable Amateur Radio services such as websites and databases 
e Enable access to station resources over the Internet 


¢ Add Amateur Radio loT (WX station, Remote Control, ...) 
Ground rules: 
Net-44 addresses may only be used for Amateur Radio experimentation and infrastructure. 
IPv6 Addresses may be used for any legal purpose. 
Transmissions on amateur frequencies must conform to Amateur Radio Service rules. 
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NW7DR Dashboard NW7DR Dashboard 
NW7DR Gateway NW7DR Gateway 
Raspberry Pi 2 Model B Rev 1.1 Uptime: 27 days 01:49:55 h:m:s Raspberry Pi 2 Model B Rev 1.1 Uptime: 27 days 01:50:55 h:m:s 
http://nw7dr.dstar-relay.net http://nw7dr.dstar-relay.net 
NW Dig Radio Club Load Avg: 1m 0.00 5m 0.03 15m 0.06 NW Dig Radio Club Load Avg: 1m 0.07 5m 0.04 15m 0.06 


Edmonds, WA Reporting to IRCDDB hosts: 
group2-irc.ircddb.net 
rr.openquad.net 
Services: 
CCS-Linking DCS-Linking DExtra-Linking DPlus-Linking D-RATS-Host DTMF- 
Commands Echo-Command Info-Command 


NW7DR C - REF029 A 


Recent Traffic on NW7DR C 
Time __—|Sender_|4 Char[Destination|Rpti__|Rpt2__ [Flags _| 


8/25/2018, 9:32:35 AM KD7AAT JOHN CQCQCQ NW7DRGNW7DRC 00 00 00 
8/25/2018, 9:34:25 AM K7HRT PAT CQCQCQ NW7DRGNW7DRC 00 00 00 
8/25/2018, 9:34:51 AM K7LW ID51 CQCQCQ NW7DRGNW7DRC 00 00 00 
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Edmonds, WA Reporting to IRCDDB hosts: 
group2-irc.ircddb.net 
rr.openquad.net 


Services: 
CCS-Linking DCS-Linking DExtra-Linking DPlus-Linking D-RATS-Host DTMF- 
Commands Echo-Command Info-Command 


NW7DR C - REF029 A 


Recent Traffic on NW7DR C 
Time Sender _|4Char[Destination|Rpt!___[Rpt2_|Flags_| 


8/25/2018, 9:32:35 AM KD7AAT JOHN CQCQCQ NW7DRGNW7DRC00 00 00 
8/25/2018, 9:34:25 AM K7HRT PAT CQCQCQ NW7DRGNW7DRC00 00 00 
8/25/2018, 9:34:51 AM K7LW = 1D51 CQCQCQ NW7DRGNW7DRC00 00 00 


Applications 


Remote Station Management and Operation 
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AA x.x.100 VPN — Internet - VPN 
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Applications 
Fixed IP While Traveling / Mobile (Tunnel through LTE Example) 


Vi 


Wifi/Wired with DHCP/Static 
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Applications 
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ff [44] AMPRNet Portal x 
¢ C Q | @ Secure | https://porta... + a @ © w. @ & 7 @nmnm iW B a 


si: Apps News Politics and Policy Popular Ham Radio i] Status - Digital Fortr: Ei Facebook €} FOP2 » Other bookmarks 


Home | Wiki| About| Site Terms | Privacy Policy | Contact Us | Password Information 


(ampnnet AMPRNet Portal 


Register Password Reset Login 
Home Contactus Networks 


Welcome to the AMPRNet Portal 


Please login to view the full range of services available. If you do not yet have an account, please register using 
the link above, access is open to all licenced radio amateurs involved in packet radio throughout the World. 


For technical information regarding getting started on 44-Net, please visit our Wiki at http://wiki.ampr.org 


One of the most frequently asked questions, is "how do | get an IP address", so here is a link to our wiki that 
explains the process: http://wiki.ampr.org/wiki/Requesting_a_block 


Thank you to everyone who has contributed to the portal effort: 


e SP2L, Tom. For the Polish translation. 


© Copyright AMPRNet, 2008 - 2018. All rights reserved. | Coded by GiFEF | W3C Compliant XHTML & CSS [en] 
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| Home cache Password Reset Login 


Request a login 


In order to access the portal, you first need to create an account. The first step is to provide us with your details 
on the form below. When you submit the form, the system will send you an email asking you to verify your email 
address, please follow the instructions provided in the email in order to continue with the registration process. 


We strongly advise that you add our email address info@ampr.org to your safe senders list / whitelist this will 
ensure that our emails are not blocked by your anti-spam software. 


Required details 


Callsign: @ \WweE7R & 
Username: @ \w7r-club | 


Password: @ 


Password: | 


First name: @ John 


Surname: @ Hays 


Email: @ john@hays.org 
Organisation: @ Nw Digital Radio Club 
Grid square: @ cng7uu 


Country: 7) UNITED STATES i 
Enter number: @ 


| agree: @ ™ To the Terms and Conditions 


Register 
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Home| Wiki| About| Site Terms] Privacy Policy| Contact Us | Password Information a 


(ampnnet AMPRNet Portal 


Gateways Logout 


Home Contactus Networks Allocations Profile API 


Regional Networks 


AMPRGW 


San Francisco/Silicon Valley 


Calif: San Brdo & 


Alaska 
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Obtaining Net-44 Addresses 


When you reach your regional network, you will be presented with existing allocations. 


At the bottom of the list, you can request an allocation by clicking on the link, e.g. 44.24.0.0/16 


44.24 .200.0 / 22 San Juan County KD7KAB KD7KAB 
44 .24.221.0/ 24 HamWAN PSDR Anycast K7WAN 
44.24.240.0 / 20 HamWAN PSDR K7WAN 


lf the address range you want is not within any of the subnets above, or the region you are located in is not 
listed above, you may request an allocation from the parent network by clicking here: 44.24.0.0/16 


You need to be logged in to request an allocation. If you are not logged in when you make a request, you will be 
re-directed to the login page. 


Go back to parent network 
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Home| Wiki| About| Site Terms | Privacy Policy | Contact Us | Password Information 


(amennet AMPRNet Portal 


Gateways Logout 
Home Contactus Networks Allocations Profile API 


Request Allocation 


Network Details 
Parent network: @ 44 24.0.0/16 


Netmask requested: @ / 24 v 
Description: @ |WF7R Club Subnet 
Type: @ End user v_ 
Connection Details 
Radio: @ 
IPIP Tunnel: @ 
Direct (BGP): @ 
Accompanying notes 


Notes: @|this network will be used by NW Digital 
Radio Club for remote station operation, 
linking, VOIP,| and websites.... 


Send 


If you need to request a specific IP or range of IP's, for example, because you already have an allocation and 
need to get it registered on this portal, please let the co-ordinator know by specifying the IP(s) in the "Notes" 
box. If this is a new request, the co-ordinator will allocate your IP(s) from the available space within the subnet 
above. Please ensure that you select the netmask based on the size of the allocation you are requesting. 
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for your ne 

to permit routing and 
advertisement of your 
subnet. 


Additional Information for Routing Net-44 


When your ‘direct (BGP)’ allocation is processed, you will be assigned the block of addresses for your 
subnet. 


In order to have a network service provider route your subnet, additional information will be required by 
the ARDC. 


Example information from Spartan Host <sales@spartanhost.net> — verify with provider before 
submitting. 


° ASN that will advertise the subnet: 201106 

¢ Network Service Provider name: Spartan Host Ltd 

* NSP postal address: 280 Comber Road, Dundonald, Belfast, BT16 1UR, United Kingdom 
¢ NSP telephone: +446029105858 
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E3 KVM VIRTUAL SERVERS E5 KVM VIRTUAL SERVERS 


STORAGE SERVERS 


20 GBPS DDOS PROTECTED (TCP) 


SEATTLE E5 KVM VIRTUAL SERVERS 


RAID 10 SSD 


$2.50 $5 $10 $15 


per month per month per month per month 


512MB Memory 1024MB Memory 2048MB Memory 3072MB Memory 


40GB SSD Disk Space 15GB SSD Disk Space 30GB SSD Disk Space 45GB SSD Disk Space 


1000GB Transfer @ 1Gb/s 2000GB Transfer @ 1Gb/s 3000GB Transfer @ 1Gb/s 3500GB Transfer @ 1Gb/s 


1 vCore (3.0 GHz) Processor 2 vCore (3.0 GHz) Processor 2 vCore (3.0 GHz) Processor 3 vCore (3.0 GHz) Processor 


1 IPv4 + /64 IPv6 Address 1IPv4 + /64 IPv6 Address 1 IPv4 + /64 IPv6 Address 1 IPv4 + /64 IPv6 Address 
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1024MB SEABKVM 


RAM: 1024MB CPU: 2 Cores IPv4: 1 Storage: 15GB Raid 10 SSD Bandwidth: 


2000GB Port: 1Gb/s DDoS Protection: 20Gb/s TCP Location: Seattle, 


Washington Control Panel: Virtualizor Managed: No 


Choose Billing Cycle 


1 Month Price - $5.00 USD 


Configure Server 


Hostname 


foo.k7ve.net 


Configurable Options 


Number of IPs Virtlo 


1 +| Enable 


Virtual Network Type Operating System 


VirtlO +| Ubuntu 16.04 64-bit 
Location 
Seattle, Washington || 


Additional Required Information 


How did you find us? 


Example 
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1024MB SEABKVM 
DDoS Protected SSD E5 KVM VPS - 


Seattle 

1024MB SEABKVM $5.00 USD 
» Number of IPs: 1 $0.00 USD 
» VirtlO: Enable $0.00 USD 


» Virtual Network Type: VirtlO 

$0.00 USD 
» Operating System: Ubuntu 16.04 64- 
bit 

$0.00 USD 


» Location: Seattle, Washington 


$0.00 USD 
Setup Fees: $0.00 USD 
Monthly: $5.00 USD 


$5.00 USD 


Total Due Today 


Review & Checkout 


1024MB SEABKVM  ¢eai 
DDoS Protected SSD E5 KVM VPS - 
Seattle 

foo.k7ve.net 

» Number of IPs: 1 

» VirtlO: Enable 

» Virtual Network Type: VirtlO 

» Operating System: Ubuntu 16.04 64-bit 


» Location: Seattle, Washington 


$5.00 USD 


Monthly 


x 


Subtotal $5.00 USD 


Totals $5.00 USD Monthly 


$5.00 USD 


Total Due Today 


Checkout > 


Continue Shopping 


Spartan Host Provisioning Example 
Check out 


Shortly thereafter the host will be setup and ready to use. 


Optionally, and recommended, as part of the setup you can enable 2 factor authentication for the VPS 
control panel. It uses the Google Authenticator application. 


Google Authticator 4 
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NM Spartan Host 


a 


>) John's Meanderings 


@ @ https://vps.spartanhost.net:4083/sesso3dgfrrdtk4sxurn/index.php?#ac! 


% Most Visited >) Latest Headlines F\ARRL AudioNews _ Getting Started }\ Amateur Radio QSO.. 


spartarjis¢ 


GJ ustves 
= tasks ubuntu © 


= SSH Keys 


8 so 


ubuntu-16.04-x86_64 Power Options 


& Applications #% VPS Management 3 lal Server Stats & 


a ~ Disk CPU 
%q Ri : —) 
f+ Reverse DNS P| — Sr 
= ‘a st 
My Profile Hostname Change Password IPs VPS Configuration SSH Keys 2% 
12.62% Used Used 
¥ Settings n * a. 
C c B @ Z, 
Qa Account Password VNC VNC Password OS Reinstall Control Panel Applications Rescue Mode 


» API Credentials 


i O ft Wa ©) 
Nast 
@ security Settings ie al 


Manage |Pv6 Recipes Monitoring Status Logs Logs Self Shut Down 
Subnets 14:53:10 14:53:15 14:53:20 14:53:25. 14:53:30 14:53: 


2) Support 


ll Bandwidth Statistics & |ul Monthly Chart EE 


Bandwidth 


} Prev Month | Aug 2018 @ Download Ml Upload 


9G 


Limit: 1000 GB Utilised : 7.92 GB % utilized: 0.79 % 


Usage | In Out 1% 
700 M Used 7G 


8G 


6G 
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lil Bandwidth Statistics 


Limit: 1500 GB 


2G 


1000 M 


Bandwidth 
Aug 2018 
Utilised : 35.32 GB % utilized: 2.35 % 
Usage | In i Out 2% 
Used 
Network Speed (MB/s) 


. 
Total Bc load 
speed 
Upload 


lu Monthly Chart Ea 


Download Mi Upload 


59G 


49G 


39G 


20G 


10G 


OM 


Jan Feb Mar Apr May Jun Jul Aug Sep Oct Nov Dec 


© john.h — root@test: ~ — ssh root@test.k7ve.net — 100x25 _ 


} Johns-MacBook-Pro:~ john.h$ ssh rootétest .k7ve.net 
rooté@test .k?ve.net's password: §) 
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Update the VPS Server 


see 

Update Ubuntu 

Issue the following commands 

apt-get update 

apt-get upgrade 

Change the ssh port number by editing /etc/ssh/sshd_config 


Note the new ssh port for future logins 


Change the timezone using: 
dpkg-reconfigure tzdata 


reboot 
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Turn on router capabilities for the VPS 


Edit the file /etc/sysctl.conf and uncomment, update, or add the following lines: 


net.ipv4.ip_forward=1 
net.ipv6.conf.all.forwarding=1 
net.ipv6.conf.all.proxy_ndp=1 
net.ipv4.conf.all.accept_redirects=0 
net.ipv6.conf.all.accept_redirects=0 
net.ipv4.conf.all.send_redirects=0 


Save the file and then reload it with the command 


sysctl -p 
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4 


Install and Prepare OpenVPN 


apt-get install openvpn easy-rsa 


Adding a special new account, allows OpenVPN to run under non-root privileges, which is a good 
security enhancement. 


useradd vpn 


Edit and add the account to /etc/sudoers 

# OpenVPN 

Defaults:vpn env_keep += "ifconfig pool_remote_ip common_name" 
vpn ALL=NOPASSWD: /etc/openvpn/server-clientconnect.sh 

vpn ALL=NOPASSWD: /etc/openvpn/server-clientdisconnect.sh 


Make these changes active with a reboot 


reboot 
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Create your Certificate Authority (CA) 


cd /usr/share/easy-rsa 


Edit and save a file named vars using your preferred editor. 
Update these variables: 


export KEY COUNTRY="US" 
export KEY PROVINCE="CA" 
export KEY CITY="SanFrancisco" 


export KEY ORG="Fort-Funston" 

export KEY EMAIL="me@myhost.mydomain" 
export KEY OU="MyOrganizationalUnit“ 
export KEY NAME="server“ 

Run: source ./vars 
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Create your Certificate Authority (CA) 


Generate server and Diffie Hellman parameters, then copy to /etc/openvpn: 


./clean-all 

./build-dh 

./build-ca 
./build-key-server server 


openvpn --genkey --secret keys/ta.key 
cd keys 
cp ca.crt server.crt server.key ta.key dh2048.pem /etc/openvpn L 
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Download Scripts and Support Files 
Get allfiles.tgz from and save to /tmp 


cd /tmp 

tar -xzvf allfiles.tgz 

cd /tmp/etc/openvpn 

cp * /etc/openvpn 

cd /tmp/usr/share/easy-rsa 
cp * /usr/share/easy-rsa 


Make sure the scripts are executable and create the "Client Configuration Directory" 


cd /usr/share/easy-rsa 
chmod +x *.sh 

cd /etc/openvpn 

chmod +x *.sh 

mkdir ccd 
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Update Network Variables and Make server.conf 


With your net-44 subnet and netmask in hand, along with the IPv6 prefix from your Spartan Host 
account, edit the file /etc/openvpn/network-variables 
Replace values marked in yellow below with your network values 


LOCALIPV4=127.0.0.1 
IPV6PRE=2006:f00d:beef:4e 
IPV4NETWORK=44.1.0.0 
IPV4NETMASK=255.255.255.0 


Run the script to build the server.conf file 


cd /etc/openvpn 
./server.config.sh 


This will create a file named server.conf.new, review it's contents and if it looks right copy it t 
server.conf 
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set Tunnel Value and Start OpenVPN 


Define the Tunnel 
Edit the file /etc/openvpn/variables it will contain two lines 


prefix=aaaa:bbbb:cccc:dddd:80:: 
prefixlen=112 


aaaa:bbbb:cccc:dddd should be the IPv6 prefix from your Spartan Host account. 


Startup and Enable the VPN server 

Start the server, look at it's status, and if OK, then enable it. 
systemctl start openvpn@server 

systemctl status openvpn@server 


systemctl enable openvpn@server 


If you followed all of the steps correctly, you should have a working 
VPN Server! 
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setup Clients — Update Template 


Run build-template.sh, It will create a file config.openvpn.tpl.new which should be copied to 
config.openvpn.tpl 


cd /usr/share/easy-rsa 
./build-template.sh 
cp config.ovpn.tpl.new config.ovpn.tpl 


Note: This configuration file uses the public IP address of the VPS, you may want to change it to a domain name, 
if you have given one to your VPS. 


It only needs to be run once, you can edit the resulting config.openvpn.tpl if you need to mak 
changes. 
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setup Clients — Create OVPN Files 


Repeat for each client: 


cd /usr/share/easy-rsa 
./generate_openvpn_config.sh 


Pick a user name, you might want to use a callsign or other designation. Since we previously edited the 
vars file, most values will be populated correctly, so just hit return, except for the following questions: 


Please type in user name for the new config:username-of-client 
Sign the certificate? [y/n]:y 
1 out of 1 certificate requests certified, commit? [y/n]y 


This will create a file a file named openvpn_username-of-client.ovpn 
This file will be transferred to your client after installing OpenVPN on the client. 
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Install and Configure OpenVPN on Clients 


OpenVPN is available for almost all major modern operating system, including Microsoft Windows, Mac 
OS, Linux, Unix, Android, Apple IOS, ... see https://openvpn.net/ for many clients. 


Raspberry Pi - Raspbian and Similar Linux Devices 
Login to your device and do the install 
sudo apt-get update 


sudo-apt-get upgrade 
sudo apt-get install openvpn unzip 
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Install and Configure OpenVPN on Clients 


Install OVPN Configuration 
Copy the .ovpn file you created to the local system. It should be placed in /etc/openvpn - sftp is a good 
method. 


cd /etc/openvpn 

# If you have changed the ssh port, use sftp -P <portnumber> root@[VPS Host] 
sudo sftp root@[Your VPS IP or Domain Name] 

sftp> cd /usr/share/easy-rsa 

sftp> get openvpn_username-of-client.ovpn 

sftp> exit 

sudo mv openvpn_username-of-client.ovpn username-of-client.conf 


# | like dropping the openvpn_, and on Linux .conf is preferred to .ovpn for the filename 
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Running OpenVPN on Clients 
Startup Your Client 
sudo openvpn --config /etc/openvpn/username-of-client.conf --daemon 
# wait a short time and 


ifconfig tun0 
hostname -l 


4 
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Assigning IP Addresses and Subnets to a Client 


Login to your VPS as root, then 


cd /etc/openvpn 


./make-ccd.sh 
Example (Use a netmask of 255.255.255.255 for a single address, see what mask to use for subnets at http://www.rjsmith.com/CIDR-Table.html 


Building CCD file .. 
Client Name (same as used when building ovpn file 
username-of-client 


Host IPv4 address to assign to client (in 44.1.0.0/255.255.255.0) 
44.1.0.20 


Client subnet mask, eg. 255.255.255.255 or 255.255.255.240 
255.259.205.240 


Host IPv6 address to assign to client (2006:f00d:beef:4e:80::xxxx) 
2006:f00d:beef:4e:80::1001 
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Assigning and Monitoring Client IP Addresses 


The make-ccd.sh will create a file in /etc/openvpn/ccd with the same name as the username, e.g. 
username-of-client that will be used to setup the client addressing and routing. 


Example content of /etc/openvpn/ccd/username-of-client: 


ifconfig-push 44.1.0.20 255.255.255.0 
ifconfig-ipv6-push 2006:f00d:beef:4e:80::1001/112 2006:f00d:beef:4e::1 
iroute 44.1.0.20 255.255.255.240 


route-ipv6 2006:f00d:beef:4e:80:: 
If your client doesn’t pick up these values, restart the OpenVPN server, as root on your VPS: 
systemctl restart openvpn@server 


You can see the clients that logged in with: 


cat /etc/openvpn/openvpn-status.log 
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Je — (s) x 
/ [D) K7VE Net OpenVPN Stat x q 
& (Ge) fay | f@ Secure | https://vpn.k7ve.net/openvpn-monitor/ a lee ao w. 2 © cs é@4uwnN Bs a G: 
HE Apps News Politics and Policy Popular Ham Radio [fil] Status - Digital Fort [FJ Facebook €} Fop2 AmazonSmile |] QR Code Generator- fM Customize Links Bookmarks @ Hangout [) » Other bookmarks 
K7VE VPN 
VPN Mode Status Pingable Clients Total Bytes In Total Bytes Out Up Since Local IP Address 
Server CONNECTED Yes 1 236167577 (225.2 MiB) 806500742 (769.1 MiB) 01/09/2018 11:40:39 44,24.135.1 
Username / Hostname ¢ VPNIP ¢ RemoteIP Location $ Bytes In ¢ Bytes Out ¢ ConnectedSince  $  LastPing ¢ TimeOnline $ f 
nw7dr 44.24.135.10 50.46.143.64 =) Lynnwood, United States 102016996 (97.3 MiB) 118225878 (112.7 MiB) 01/09/2018 11:40:45 02/09/2018 17:27:24 1 day, 5:46:39 y 


x-gnu [SSL (Open$SL)] [LZ] [EPOLL] [PKCS11] [MH] [IPv6] built on Jun 22 2017 


“sam anuany woe 


Lynnwood 
y 


North Creek 


WA S24 
Emérald 
Hills 


Page automatically reloads every 5 minutes.Last update: 02/09/2018 17:27:24 


https://github.com/furlongm/openvpn-monitor 
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Caveats and Considerations 


| encourage sharing an account and subnet, but this comes with special responsibilities: 
* Keep up to date contact information on portal.ampr.org 
* Periodically make sure that the addresses are not being used inappropriately 


* Revoke certificates of abusers 
* Stop routing subnets that have been compromised or for DMCA takedown requests. 


Install and maintain firewalls to help enforce useage standards 
A VPN’ed host has access to your LAN, so take proper isolation measures and/or firewall rules. 
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Q&A — and Help 


A support and sharing group is at 
https://groups.io/g/net-44-vpn 
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